I've heard Apple pays a million for Jailbreaks now. That's the lower bound for t...

conradev · 2025-05-25T00:13:04 1748131984

> now

That boundary was broken in 2015, about a decade ago: https://www.dailymail.co.uk/sciencetech/article-3301691/New-...

halJordan · 2025-05-25T01:29:01 1748136541

That's cool, Apple's bug bounty didn't exist ten years ago. Apple's bug bounty does max out at $1 million (although you can get bonus multipliers up to $2mil). Just read the content before throwing down the gotcha.

Thorrez · 2025-05-25T09:04:13 1748163853

That 1M was not paid by Apple. It was paid by Zerodium, a company that sold/sells vulnerabilities to attackers (e.g. NSA).

lern_too_spel · 2025-05-25T00:53:33 1748134413

That's the market rate. https://cyberscoop.com/zerodium-android-zero-days-bounty/

andrepd · 2025-05-25T01:07:06 1748135226

Well TIL that there are zero-day market makers...

tptacek · 2025-05-25T01:53:54 1748138034

Bear in mind: different buyers and different price structured. You can get more selling a vulnerability to CNE shops (say: every intelligence organization in Germany), but you'll be accepting more risk --- the payments are effectively tranched (or, equivalently, back-loaded on "maintenance" fees), and if the vulnerability dies you're S.O.L. Apple also won't make you build all the reliable exploitation enablement tooling a CNE buyer will. So: they pay less.

ThinkBeat · 2025-05-24T23:51:28 1748130688

Is there a way to contact Apple to apply for millions of dollars if one has a jailbreak?

X: Hi AppLE I haz jailb8?

Or is it via one of the intermediaries?

Or is there an email or some such that is published? (That will not to straight to 1st level support and forgotten about)

charcircuit · 2025-05-24T23:57:35 1748131055

https://security.apple.com/bounty/